Virtualization Security

Virtualization Security focuses upon end-to-end security, integrity, auditability, and regulatory compliance for virtualization and clouds. Virtualization Security starts where the cloud and virtual environments begin: the end user computing device.|We follow the user through the virtual and cloud stacks until they reach the application the user wishes to use to retrieve the data that is important to them. Virtualization and cloud security is implemented where there is an intersection between user, data, and application while maintain strict control of management interfaces. As such virtualization security looks into all aspects of security devices, tools, controls, and guides that impact or can be used to secure virtual and cloud environments.

Most Recently added Virtualization Security Resources: (See More...)

Security and Compliance only when Auditor is at the door

January 22, 2010
By

I was privileged to speak at the 3rd Annual South Florida ISACA WoW! Event with Robert Stroud, Alan Shimel, and other great speakers. What I discovered from this conference is something I have feared for quite a number of years. Compliance actions are not continuous but often only enacted when the auditor shows up at…

Read more »

End-To-End Virtual Environment Security

January 18, 2010
By

Have you ever wondered how all the virtualization security tools fit together? Wait no longer as we have a new White Paper that will tell you this information. How do products from Altor Networks, Catbird Security, Reflex Systems, HyTrust, Tripwire, and others fit within your virtual environment?

Read more »

Backup Security

January 14, 2010
By
Backup Security

When you think of backup security, many people think of ensuring tapes are offsite or even encryption on media, but what is really required for backup security? There is quite a bit going on when someone performs a backup within the virtual environment, so where does security begin and end for making a single or…

Read more »

Virtual Disk Encryption

January 6, 2010
By

In the article End-to-End Virtual Machine Backup I mentioned the new VMware Workstation 7.0 feature that creates an encrypted disk but in reality it is an encrypted virtual machine, which also implies encrypting the virtual disk. This one option to VMware Workstation is something that is needed within VMware vSphere as well as the other…

Read more »

2009 In Retrospect

December 31, 2009
By

Quite a bit has gone on in our industry in the last year. While this is not intended to be a comprehensive review of all that has occurred, we hope that we have captured the important events that have shaped virtualization and cloud computing.

Read more »

Does Virtualization Security take a New Way of Thinking?

December 17, 2009
By

I recently participated in the InformationWeek Dark Security Virtual Event as a panel member with Hoff, Craig Balding, Chris Wolf, Glenn Brunette, and Jon Oberheide. A very far ranging group of individuals from research, security organizations, analysts, and authors. What is interesting is that most of these same people have joined me on the Virtualization…

Read more »

PCI discussed on the Virtualization Security Podcast

December 16, 2009
By

The last Virtualization Security Podcast covered PCI, Kurt Roemer and Jeff Elliot who were guests represented PCI.  PCI as you hopefully know is working on compliance guidance for payment systems running within virtual machines and the cloud. This early discussion is a plea for people to get involved in reviewing the currently developing white-paper. While…

Read more »

Virtualization Related SSL MiTM Attack, chances?

December 9, 2009
By

There has been quite a bit of discussion between myself, Tim Pierson, and other with respect to SSL man-in-the-middle attack possibilities within the virtual environment. But what are the chances that such an attack will happen, or that someone would know how to perform the attack? What does the attack depend upon?

Read more »

VLANs/FCoE/CNA – Mixed Security Data on One Wire

December 2, 2009
By

Over the past year or so I have been thinking pretty heavily about the direction networking is taking within virtualization. In some ways, it appears security has been forgotten or relegated to 'encrypt' and forget. However, it takes quite a bit of knowledge and time to properly set up the backbone of an 'encrypt' and…

Read more »

Featured Solutions